Page 1 of 5 123 ... LastLast
Results 1 to 10 of 49

Thread: Configuring the firewall so that hp-setup can find network printers

Hybrid View

  1. #1
    Join Date
    Jun 2020
    Posts
    23

    Default Configuring the firewall so that hp-setup can find network printers

    Hi,

    I'm new to OpenSUSE (coming from Ubuntu where everything was automagical) and have a problem connecting my laptop to HP printers over the network. The printer here is a HP OfficeJet Pro 8715.

    I've read the previous thread about related issues where they brute forced the problem by hard-coding a firewall rule that opens everything for the IP address of the printer. However I would prefer to avoid that, because I'm traveling a lot and would prefer to avoid clobbering my firewall with site-specific IP exceptions.

    When I try to autodiscover printers over the network with hp-setup, I get the following error message:
    Code:
    $ hp-setup
    
    HP Linux Imaging and Printing System (ver. 3.19.12)
    Printer/Fax Setup Utility ver. 9.0
    
    
    Copyright (c) 2001-18 HP Development Company, LP
    This software comes with ABSOLUTELY NO WARRANTY.
    This is free software, and you are welcome to distribute it
    under certain conditions. See COPYING file for more details.
    
    
    Searching... (bus=net, timeout=5, ttl=4, search=(None) desc=0, method=slp)
    error: No devices found on bus: net
    error:  HPLIP cannot detect printers in your network.  This may be due to existing firewall settings blocking the required ports.
    When you are in a trusted network environment, you may open the ports for network services like mdns and slp in the firewall. For detailed steps follow the link.
    http://hplipopensource.com/node/374  
    
    
    Done.
    When I disable the firewall with `sudo systemctl stop firewalld.service`, the printer is detected, so the problem is definitely the firewall.

    The firewall is configured as follows, as you can see mdns and slp are both enabled:
    Code:
    $ sudo firewall-cmd --get-active-zoneshome
      interfaces: wlan0
    
    $ sudo firewall-cmd --zone=home --list-all
    home (active)
      target: default
      icmp-block-inversion: no
      interfaces: wlan0
      sources: 
      services: dhcpv6-client mdns samba-client slp ssh
      ports: 
      protocols: 
      masquerade: no
      forward-ports: 
      source-ports: 
      icmp-blocks: 
      rich rules:
    What changes do I need to make to the firewall's home zone configuration to allow the necessary services?

  2. #2
    Join Date
    Jun 2020
    Posts
    23

    Default Re: Configuring the firewall so that hp-setup can find network printers

    Addendum: here's an analogous discussion in the German OpenSUSE forum, so far with no results; if a solution should come up there, I will double it here.

  3. #3
    Join Date
    May 2012
    Location
    Finland
    Posts
    2,061

    Default Re: Configuring the firewall so that hp-setup can find network printers

    HP uses mDNS (Bonjour) for printer discovery so open 5353/UDP for traffic.

    Code:
    sudo firewall-cmd --permanent --zone=home --add-port=5353/udp
    sudo firewall-cmd --reload
    That might do the trick. Might consider opening it for public as well.
    .: miuku #suse @ irc.freenode.net

  4. #4
    Join Date
    Jun 2020
    Posts
    23

    Default Re: Configuring the firewall so that hp-setup can find network printers

    Quote Originally Posted by Miuku View Post
    HP uses mDNS (Bonjour) for printer discovery so open 5353/UDP for traffic.

    Code:
    sudo firewall-cmd --permanent --zone=home --add-port=5353/udp
    sudo firewall-cmd --reload
    That might do the trick. Might consider opening it for public as well.
    Thank you. For some reason, the default method in hp-setup appears to be not mDNS, but SLP (see the error message in the first post).

    I got it to work now by allowing port 5353 through the firewall (--add-service=mdns) and then, in hp-setup, selecting Avahi under Advanced Configuration. It has to be Avahi; if I select mDNS, it doesn't work..

    I'm curious why the default SLP doesn't work even if I enable SLP on the firewall, either by --add-service=slp or by opening port 427 manually. Any idea what could be the issue with SLP? Maybe a multicast problem?

  5. #5
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    21,584
    Blog Entries
    1

    Default Re: Configuring the firewall so that hp-setup can find network printers

    Quote Originally Posted by rxmd View Post
    I'm curious why the default SLP doesn't work even if I enable SLP on the firewall, either by --add-service=slp or by opening port 427 manually. Any idea what could be the issue with SLP? Maybe a multicast problem?
    I don't use SLP for printer discovery, but are you sure that the printer is using this mechanism anyway? Is it enabled in the printer?
    openSUSE Leap 15.2; KDE Plasma 5

  6. #6
    Join Date
    Jun 2020
    Posts
    23

    Default Re: Configuring the firewall so that hp-setup can find network printers

    Quote Originally Posted by deano_ferrari View Post
    I don't use SLP for printer discovery, but are you sure that the printer is using this mechanism anyway? Is it enabled in the printer?
    It works with SLP when I disable the firewall, so I'm pretty sure that SLP would work if I only had the right firewall rule to let it through.

  7. #7
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    21,584
    Blog Entries
    1

    Default Re: Configuring the firewall so that hp-setup can find network printers

    Quote Originally Posted by rxmd View Post
    It works with SLP when I disable the firewall, so I'm pretty sure that SLP would work if I only had the right firewall rule to let it through.
    Try adding the following direct rule for IPv4 multicast packets...
    Code:
    sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -m pkttype --pkt-type multicast -j ACCEPT
    sudo firewall-cmd --reload
    FWIW, a similar thread I recall...
    https://forums.opensuse.org/showthre...43#post2905543
    openSUSE Leap 15.2; KDE Plasma 5

  8. #8
    Join Date
    Jun 2020
    Posts
    23

    Default Re: Configuring the firewall so that hp-setup can find network printers

    Quote Originally Posted by deano_ferrari View Post
    Try adding the following direct rule for IPv4 multicast packets...
    Code:
    sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -m pkttype --pkt-type multicast -j ACCEPT
    sudo firewall-cmd --reload
    Thank you. Yes, I saw that other thread (I linked to it in my initial post). There the solution was to open a hard firewall exception for a single IP address, in a home setting that's probably fine, but I'm moving from network to network (and from printer to printer) and I would prefer to get it working as intended

    I was also thinking that maybe multicast (which I know almost nothing about) is the issue, however that doesn't seem to work - hp-setup still does not see the printer not using mDNS or SLP, only using "avahi":

    Code:
    # hp-setup
    
    HP Linux Imaging and Printing System (ver. 3.19.12)
    Printer/Fax Setup Utility ver. 9.0
    
    Copyright (c) 2001-18 HP Development Company, LP
    This software comes with ABSOLUTELY NO WARRANTY.
    This is free software, and you are welcome to distribute it
    under certain conditions. See COPYING file for more details.
    
    QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
    Searching... (bus=net, timeout=5, ttl=4, search=(None) desc=0, method=slp)
    error: No devices found on bus: net
    error:  HPLIP cannot detect printers in your network.  This may be due to existing firewall settings blocking the required ports.
                    When you are in a trusted network environment, you may open the ports for network services like mdns and slp in the firewall. For detailed steps follow the link.
                     http://hplipopensource.com/node/374  
    Searching... (bus=net, timeout=5, ttl=4, search=(None) desc=0, method=mdns)
    error: No devices found on bus: net
    error:  HPLIP cannot detect printers in your network.  This may be due to existing firewall settings blocking the required ports.
                    When you are in a trusted network environment, you may open the ports for network services like mdns and slp in the firewall. For detailed steps follow the link.
                     http://hplipopensource.com/node/374  
    Searching... (bus=net, timeout=5, ttl=4, search=(None) desc=0, method=avahi)
      
    Done.
    
    Here is my firewall configuration:

    Code:
    # firewall-cmd --list-all
    home (active)
      target: default
      icmp-block-inversion: no
      interfaces: wlan0
      sources:  
      services: dhcpv6-client mdns samba-client slp ssh
      ports: 5353/udp
      protocols: igmp
      masquerade: no
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules: 
    # firewall-cmd --direct --get-all-rules
    ipv4 filter INPUT 0 -m pkttype --pkt-type multicast -j ACCEPT
    ipv6 filter INPUT 0 -m pkttype --pkt-type multicast -j ACCEPT
    
    Interesting that mDNS in hp-setup doesn't work, but Avahi does:
    Code:
    # avahi-browse -at  
    +  wlan0 IPv6 HP OfficeJet Pro 8710 [AD5ECE]                _uscans._tcp         local
    +  wlan0 IPv4 HP OfficeJet Pro 8710 [AD5ECE]                _uscans._tcp         local
    +  wlan0 IPv6 HP OfficeJet Pro 8710 [AD5ECE]                _privet._tcp         local
    +  wlan0 IPv4 HP OfficeJet Pro 8710 [AD5ECE]                _privet._tcp         local
    +  wlan0 IPv6 HP OfficeJet Pro 8710 [AD5ECE]                Secure Internet Printer local
    +  wlan0 IPv4 HP OfficeJet Pro 8710 [AD5ECE]                Secure Internet Printer local
    +  wlan0 IPv6 HP OfficeJet Pro 8710 [AD5ECE]                _uscan._tcp          local
    +  wlan0 IPv4 HP OfficeJet Pro 8710 [AD5ECE]                _uscan._tcp          local
    +  wlan0 IPv6 HP OfficeJet Pro 8710 [AD5ECE]                _http-alt._tcp       local
    +  wlan0 IPv4 HP OfficeJet Pro 8710 [AD5ECE]                _http-alt._tcp       local
    +  wlan0 IPv6 HP OfficeJet Pro 8710 [AD5ECE]                _scanner._tcp        local
    +  wlan0 IPv4 HP OfficeJet Pro 8710 [AD5ECE]                _scanner._tcp        local
    +  wlan0 IPv6 HP OfficeJet Pro 8710 [AD5ECE]                Web Site             local
    +  wlan0 IPv4 HP OfficeJet Pro 8710 [AD5ECE]                Web Site             local
    +  wlan0 IPv6 HP OfficeJet Pro 8710 [AD5ECE]                Internet Printer     local
    +  wlan0 IPv4 HP OfficeJet Pro 8710 [AD5ECE]                Internet Printer     local
    +  wlan0 IPv6 HP OfficeJet Pro 8710 [AD5ECE]                PDL Printer          local
    +  wlan0 IPv4 HP OfficeJet Pro 8710 [AD5ECE]                PDL Printer          local
    +  wlan0 IPv6 HP OfficeJet Pro 8710 [AD5ECE]                UNIX Printer         local
    +  wlan0 IPv4 HP OfficeJet Pro 8710 [AD5ECE]                UNIX Printer         local
    (some other devices omitted)
    I wonder whethere there is some more SLP-specific multicast configuration I need to do, or am I missing something in my firewall config?

  9. #9
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    21,584
    Blog Entries
    1

    Default Re: Configuring the firewall so that hp-setup can find network printers

    Quote Originally Posted by rxmd View Post
    Thank you. Yes, I saw that other thread (I linked to it in my initial post). There the solution was to open a hard firewall exception for a single IP address, in a home setting that's probably fine, but I'm moving from network to network (and from printer to printer) and I would prefer to get it working as intended

    I was also thinking that maybe multicast (which I know almost nothing about) is the issue, however that doesn't seem to work - hp-setup still does not see the printer not using mDNS or SLP, only using "avahi":
    DNS-SD (same port as mDNS) is used by many printers to advertise their presence in a network. All part of the Avahi implementation. The 'avahi-browse' output shows that it is working, so not a firewall issue at all. You don't need to include port 5353 explicitly, as the 'mdns' firewalld service provides that configuration, and is all that should be needed. (SLP should not really be required at all.)
    openSUSE Leap 15.2; KDE Plasma 5

  10. #10
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    21,584
    Blog Entries
    1

    Default Re: Configuring the firewall so that hp-setup can find network printers

    It would be interesting to see if the network printer is enumerated using DNS-SD via these two commands...
    Code:
    sudo lpinfo -l -v
    Code:
    sudo hp-check -t
    openSUSE Leap 15.2; KDE Plasma 5

Page 1 of 5 123 ... LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •